Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

CSS 11506 nat to inside

Hello,

Is it possible that servers behind the CSS to see the source ip address of the request to that of

the CSS in the servers' LAN ?

Example: CSS is connected to the Internet with the ip address 100.100.100.100, has some

servers conencted to it and load balances the connection. The servers' LAN is 192.168.1.0/24 and

the CSS has the 192.168.1.1.

When a connection arrives from 200.200.200.200, from the Internet, I would like the CSS to replace

200.200.200.200 with 192.168.1.1 when it sends the request to a server.

If you need more clarifications, please tell me.

Thank you,

Constantin Blanariu

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: CSS 11506 nat to inside

Hi Constantin,

Admitted, I'm not the leading expert on CSS. But I think a source-group configuration would work for you (it did for me).

A source-group is a collection of services, to which incoming traffic will be NAT'ed to a different address. An example could look like the following:

service websrv1

  ip address 192.168.1.10

  keepalive frequency 60
  redundant-index 10
  keepalive type http
  active

service websrv2

  ip address 192.168.1.11

  keepalive  frequency 60
   redundant-index 11
   keepalive type http
   active

And all you need to do is to create a source-group and define the services, to which you want to NAT incoming traffic:

group websrv-clientnat

  add destination websrv1

  add destination websrv2

  vip address 192.168.1.7

  active

This should do the trick. I'm not sure that you can actually define the CSS-address as the VIP in your group-definition, so you might want to select another address.

hth

/Ulrich

2 REPLIES
Bronze

Re: CSS 11506 nat to inside

Hi Constantin,

Admitted, I'm not the leading expert on CSS. But I think a source-group configuration would work for you (it did for me).

A source-group is a collection of services, to which incoming traffic will be NAT'ed to a different address. An example could look like the following:

service websrv1

  ip address 192.168.1.10

  keepalive frequency 60
  redundant-index 10
  keepalive type http
  active

service websrv2

  ip address 192.168.1.11

  keepalive  frequency 60
   redundant-index 11
   keepalive type http
   active

And all you need to do is to create a source-group and define the services, to which you want to NAT incoming traffic:

group websrv-clientnat

  add destination websrv1

  add destination websrv2

  vip address 192.168.1.7

  active

This should do the trick. I'm not sure that you can actually define the CSS-address as the VIP in your group-definition, so you might want to select another address.

hth

/Ulrich

Re: CSS 11506 nat to inside

Thank you, Ulrich!

group did the trick!

Constantin

1150
Views
0
Helpful
2
Replies